Hi All,
I am trying to set up Route-based IPSec VPN between SRX345 and Cisco RVI 130 but not work with the following error: IKE negotiation failed with error: IKE gateway configuration lookup failed during negotiation.
Can anyone advise on this?
Enclosed screenshots from RVI130 and below is SRX345 config:
security {
ike {
proposal ikephase1proposal_VPN1 {
authentication-method pre-shared-keys;
dh-group group2;
authentication-algorithm sha1;
encryption-algorithm aes-256-cbc;
lifetime-seconds 28800;
}
policy ikephase1policy_VPN1 {
mode aggressive;
proposals ikephase1proposal_VPN1;
pre-shared-key ascii-text "Password"; ## SECRET-DATA
}
gateway gw-VPN1 {
ike-policy ikephase1policy_VPN1;
address 10.10.10.10;
external-interface reth1.0;
}
}
ipsec {
proposal ipsecphase2proposal_VPN1 {
protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-256-cbc;
lifetime-seconds 3600;
}
policy ipsecphase2policy_VPN1 {
perfect-forward-secrecy {
keys group2;
}
proposals ipsecphase2proposal_VPN1;
}
vpn ike-vpn-VPN1 {
bind-interface st8.0;
ike {
gateway gw-VPN1;
ipsec-policy ipsecphase2policy_VPN1;
}
}
}
flow {
tcp-mss {
ipsec-vpn {
mss 1350;
}
}
}